search

near-daos / sputnik-dao-contract

Smart contracts for https://app.astrodao.com
https://astrodao.com/
MIT License
108 stars 77 forks source link

An account should not be able to claim same bounty multiple times #29

Open mikedotexe opened 3 years ago

mikedotexe commented 3 years ago

Currently there is nothing stopping a user from calling bounty_claim on the same bounty ID multiple times. This will likely happen by accident but confuses the logic in the rest of the contract, which assumes that an account only has one claim per bounty.

If a bounty has been paid out via an approval of a BountyDone proposal, it'll remove one key-value pair, but not additional ones. It does work for the user to call bounty_giveup to remove the other, however since this is an strange case, it may not be discoverable via a frontend.

At the end of the day, it just make sense to make this limit for usability.

You can check this in the branch for #28 which takes care of another issue by using this script:

#!/bin/sh

# Change these to your account ids
./build.sh
export CONTRACT_ID=sputnikdao2.mike.testnet
export CONTRACT_PARENT=mike.testnet

# Redo account (if contract already exists)
near delete $CONTRACT_ID $CONTRACT_PARENT
near create-account $CONTRACT_ID --masterAccount $CONTRACT_PARENT

# Set up
near deploy $CONTRACT_ID --wasmFile ~/near/sputnik-dao-contract/sputnikdao2/res/sputnikdao2.wasm
export COUNCIL='["'$CONTRACT_ID'"]'
near call $CONTRACT_ID new '{"config": {"name": "genesis2", "purpose": "test", "metadata": ""}, "policy": '$COUNCIL'}' --accountId $CONTRACT_ID

# Add proposal for a Transfer kind that pays out 19 NEAR
near call $CONTRACT_ID add_proposal '{"proposal": {"description": "test bounty", "kind": {"AddBounty": {"bounty": {"description": "do the thing", "token": "", "amount": "19000000000000000000000000", "times": 3, "max_deadline": "1925376849430593581"}}}}}' --accountId $CONTRACT_PARENT --amount 1

# Show error when a user tries to vote along with log
near call $CONTRACT_ID act_proposal '{"id": 0, "action": "VoteApprove"}' --accountId $CONTRACT_ID

# Someone claims the same bounty twice
near call $CONTRACT_ID bounty_claim '{"id": 0, "deadline": "1925376849430593581"}' --accountId $CONTRACT_PARENT --amount 1
near call $CONTRACT_ID bounty_claim '{"id": 0, "deadline": "1925376849430593581"}' --accountId $CONTRACT_PARENT --amount 1

# Show bounty claims
near view $CONTRACT_ID get_bounty_claims '{"account_id": "'$CONTRACT_PARENT'"}'

# Add BountyDone proposal done
near call $CONTRACT_ID add_proposal '{"proposal": {"description": "test bounty done", "kind": {"BountyDone": {"bounty_id": 0, "receiver_id": "'$CONTRACT_PARENT'"}}}}' --accountId $CONTRACT_PARENT --amount 1

# Vote it in
near call $CONTRACT_ID act_proposal '{"id": 1, "action": "VoteApprove"}' --accountId $CONTRACT_ID

# See how many now. Expect it to be empty but it's not
near view $CONTRACT_ID get_bounty_claims '{"account_id": "'$CONTRACT_PARENT'"}'
swfsql commented 2 years ago

If multiple claims are to be allowed on the same bounty by the same user, could you check this PR out @mikedotexe ?
https://github.com/mikedotexe/sputnik-dao-contract/pull/3

nninkovicSQA commented 2 years ago

Is there more info about this PR, issue is still not closed?

TrevorJTClarke commented 2 years ago

Is there more info about this PR, issue is still not closed?

I believe this needs a merge of the external PRs into a PR for this main repo. I do not see code that reflects the change.